decrypt - decrypt

Decrypts a single block of encrypted data.
The DECRYPT operation decrypts a well-formed block of ciphertext using the target encryption key and specified algorithm. This operation is the reverse of the ENCRYPT operation; only a single block of data may be decrypted, the size of this block is dependent on the target key and the algorithm to be used. The DECRYPT operation applies to asymmetric and symmetric keys stored in Azure Key Vault since it uses the private portion of the key. This operation requires the keys/decrypt permission.

POST {vaultBaseUrl}/keys/{key-name}/{key-version}/decrypt?api-version=7.2

URI Parameters

Name In Required Type Description
key-name
path True
  • string

The name of the key.

key-version
path True
  • string

The version of the key.

vaultBaseUrl
path True
  • string

The vault name, for example https://myvault.vault.azure.net.

api-version
query True
  • string

Client API version.

Request Body

Name Required Type Description
alg True

algorithm identifier

value True
  • string
aad
  • string

Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.

iv
  • string

Initialization vector for symmetric algorithms.

tag
  • string

The tag to authenticate when performing decryption with an authenticated algorithm.

Responses

Name Type Description
200 OK

The decryption result.

Other Status Codes

Key Vault error response describing why the operation failed.

Examples

Decrypt example

Sample Request

POST https://myvault.vault.azure.net//keys/sdktestkey/4eb68492b5f6421e835d961ad2be3155/decrypt?api-version=7.2
{
  "alg": "RSA-OAEP",
  "value": "sid-4nG3FzRIFWXLXlG-FZo6H1-kzbNX5Exe0_VRqcGLuJWjI9oSofsn-2IagDsQzkpNAXv9V8aoIizelrK_14darhxaAV8OejO7Oh7spjxa7IxMVS3e-cwcLdEHzMbMfM1uFpDyRFqEUASHI0H8F1M2m1e9TUSXOVW3KMqm7cK94ZQMFvd4AYdLfmfnStMp_MqIQh4kpIkB6h2b1M3possVrLKH_l2L3uT-qFiwQlH9-dt0Cje5mrkpsYCy4hAXNFUPhIyBWAZwOQylIE2sPuopFs55lRIHpWP2CqNe-IK8tX87BRuJ_Vy3GIFxDjD5uu74scIyQCKMImB6xQ_-mQ"
}

Sample Response

{
  "kid": "https://myvault.vault.azure.net/keys/sdktestkey/4eb68492b5f6421e835d961ad2be3155",
  "value": "dvDmrSBpjRjtYg"
}

Definitions

Error

The key vault server error.

JsonWebKeyEncryptionAlgorithm

algorithm identifier

KeyOperationResult

The key operation result.

KeyOperationsParameters

The key operations parameters.

KeyVaultError

The key vault error exception.

Error

The key vault server error.

Name Type Description
code
  • string

The error code.

innererror

The key vault server error.

message
  • string

The error message.

JsonWebKeyEncryptionAlgorithm

algorithm identifier

Name Type Description
A128CBC
  • string
A128CBCPAD
  • string
A128GCM
  • string
A128KW
  • string
A192CBC
  • string
A192CBCPAD
  • string
A192GCM
  • string
A192KW
  • string
A256CBC
  • string
A256CBCPAD
  • string
A256GCM
  • string
A256KW
  • string
RSA-OAEP
  • string
RSA-OAEP-256
  • string
RSA1_5
  • string

KeyOperationResult

The key operation result.

Name Type Description
aad
  • string
iv
  • string
kid
  • string

Key identifier

tag
  • string
value
  • string

KeyOperationsParameters

The key operations parameters.

Name Type Description
aad
  • string

Additional data to authenticate but not encrypt/decrypt when using authenticated crypto algorithms.

alg

algorithm identifier

iv
  • string

Initialization vector for symmetric algorithms.

tag
  • string

The tag to authenticate when performing decryption with an authenticated algorithm.

value
  • string

KeyVaultError

The key vault error exception.

Name Type Description
error

The key vault server error.